README.md
<h1>BlockCracking</h1>
Credit to <a target=_blank href="https://github.com/Exim/exim/wiki/BlockCracking">https://github.com/Exim/exim/wiki/BlockCracking</a><br>
<br>
This version has been modified for use with a DirectAdmin system.<br>
It requires a minimum of exim.conf 4.3.3 and exim.pl 29<br>
<br>

<hr>
<h2>Installation</h2>
See this guide for automated CustomBuild 2.0 install:<br>
<a target=_blank href="http://help.directadmin.com/item.php?id=576">http://help.directadmin.com/item.php?id=576</a><br>
<br>

<hr>
<h2>Help</h2>
See the forum for issues or questions:<br>
<a target=_blank href="http://forum.directadmin.com/forumdisplay.php?f=90">http://forum.directadmin.com/forumdisplay.php?f=90</a><br>
<br>

<hr>
<h2>About</h2>

The idea behind BlockCracking is that spammers typically send masses of emails,
and a large number of those email addresses are invalid or no longer exist (spammers don't confirm them).<br>
The BlockCracking code keeps count of these invalid deliveries and blocks the
sender of the given type if the limit is hit within a period of time.<br><br>

Sender Types:<br>
- auth: an account that has authenticated with smtp-auth<br>
- script: any script delivering to exim via the /usr/sbin/sendmail|exim command line, including php mail()<br>

<hr>
<h2>Settings</h2>

You can use /etc/exim.blockcracking/variables.conf.custom to override the default variables (see below).<br>
There are also DirectAdmin directadmin.conf options to control how DA handles the reports:<br>
<a target=_blank href="http://www.directadmin.com/features.php?id=1645">http://www.directadmin.com/features.php?id=1645</a><br>
<textarea readonly cols=180 rows=3>block_cracking_unblock=0|1|2
block_cracking_unblock_minutes=120
</textarea><br>
block_cracking_unblock=<br>
0 = script paths and E-Mails cannot be unblocked by DA.<br>
1 >= emails and paths can be unblocked by the User*<br>
2 >= Automatically unblocked after 'block_cracking_unblock_minutes' have passed, plus abilities from =1<br>
<br>
*An E-Mail unblock must be done one level up, e.g. an E-Mail is unblocked by the User. If the User is blocked, the User is unblocked by the Reseller or via the Lost Password tool.<br>
<br><br>

<hr>
<h2>Files</h2>

-- variables.conf<br>
<br>
If you want to customize the file, create your own file:<br>
-- variables.conf.custom, and set only the values in this file as desired, and they'll override the defaults.<br>
Use double equals in variables.conf.custom to override the values in variables.conf.<br>
<textarea readonly cols=180 rows=9>
BC_LIM == 100 - how many invalid emails can be sent within BC_PERIOD before block
BC_PERIOD == 1h - Period of time the invalid emails can be sent before block
BC_SHELL - leave this alone
BC_UNLIMITED_USERNAMES ==- usual accounts that should not have script restrictions. You can add extra users if desired.
BC_DENIED_PATHS - path to the regex for scripts.denied_paths.txt. Create scripts.denied_paths.custom.txt for custom changes, and re-install with CB2.

BC_SKIP_AUTHENTICATED_USERS - Path of list of smtp-auth email addresses to not be scanned by BC. Does not need to exist. /etc/virtual/bc_skip_authenticated_users
BC_SKIP_SENDING_HOSTS - path of list of hosts that are allowed to connect and not be scanned by BC. Does not need to exist. /etc/virtual/bc_skip_sending_hosts
BC_VERIFY_CALLOUT - adjust the timeouts as needed. Slow client-to-exim is likely caused by the remote smtp verification: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html#CALLaddparcall
</textarea><br>

<br>
-- auth.conf<br>
<br>
Contains the BlockCracking code to count and block smtp authenticated accounts.<br>
Blocks to the file:<br>

/var/spool/exim/blocked_authenticated_users<br>

<br><br>
-- script.conf<br>
<br>
Contains the BlockCracking code to count and block script paths.<br>
Since exim has no way of knowing which script actually sent the message,
this code will track and rate-limit based on the script's working path.<br>
This will allow other possibly valid scripts in other paths to continue working.<br>
Blocks to the file:<br>

/var/spool/exim/blocked_script_paths<br>

<br><br>
-- script.recipients.conf<br><br>

Contains a "recipients" ACL for the scripts.conf to call, because the non-SMTP ACLs
must figure out the recipients one-by-one (Credit to Lena for helping with this)<br>

<br><br>
-- script.denied_paths.txt<br><br>

Contains a list of nwildlsearch regex values to be compared against the current working directory for a sending script.<br>
Note that the cwd does not contain the filename, just the path it's under.<br>
CustomBuild 2.0 will create this file for you, based on the scripts.denied_paths.txt.<br>
If you want to customize it, create scripts.denied_paths.custom.txt, and CB will use this instead of the scripts.denied_paths.default.txt.<br>
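
To check custom entries before re-installing with CB2, the added example below (not part of the BlockCracking code) models how Exim's nwildlsearch treats each key: a leading `^` is a regular expression, a leading `*` means "ends with", anything else is a literal, all case-insensitive, first match wins. Assumptions: Python's `re` stands in for Exim's PCRE, only unquoted keys are handled, the sample entries are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample entries; not the contents of the project's shipped file.
SAMPLE_DENIED = r"""
# one key per line, searched top to bottom, first match wins
^/home/[^/]+/tmp
*/cache
/var/www/html
"""


def parse_keys(text):
    """Return the keys in file order, skipping blanks, comments and continuation lines."""
    keys = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        # An unquoted lsearch-style key ends at the first whitespace or colon.
        keys.append(re.split(r"[\s:]", line, maxsplit=1)[0])
    return keys


def key_matches(key, cwd):
    """Apply the three (n)wildlsearch key forms to a working directory."""
    if key.startswith("^"):
        # Regular expression key (Python re used here in place of PCRE).
        return re.search(key, cwd, re.IGNORECASE) is not None
    if key.startswith("*"):
        # Leading asterisk means "ends with" the rest of the key.
        return cwd.lower().endswith(key[1:].lower())
    # Plain key: whole-string, case-insensitive comparison.
    return key.lower() == cwd.lower()


def first_match(keys, cwd):
    """Return the first key that matches cwd, or None when no key matches."""
    for key in keys:
        if key_matches(key, cwd):
            return key
    return None


if __name__ == "__main__":
    keys = parse_keys(SAMPLE_DENIED)
    for cwd in ("/home/alice/tmp", "/home/bob/public_html/app/Cache", "/var/www/html/blog"):
        print(cwd, "->", first_match(keys, cwd))
```

Because the cwd never includes the script's filename, a key such as `*/mailer.php` cannot match; write keys against directories only.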

<br><br>
-- /etc/virtual/bc_skip_authenticated_users<br><br>
Optional file, does not need to exist.<br>
Contains a list of smtp-auth email addresses which will be skipped / not scanned by BlockCracking.<br>

<br><br>
-- /etc/virtual/bc_skip_sending_hosts<br><br>
Optional file, does not need to exist.<br>
Contains a hostlist of IPs or rDNS hostnames which will be skipped / not scanned by BlockCracking.<br>
Wildcards may work on rDNS hostnames, but should be listed after any full IPs or 1.2.3.4/24 ranges<br>